Automated system for management of licensed software

ABSTRACT

Methods and apparatuses are disclosed for providing a system for automatically tracking use of a software and also for determining whether the software is validly licensed and enabling or disabling the software accordingly. Exemplary systems involve attaching a licensing system module to a software application. Records of valid licenses are stored in the database maintained by the software provider. The licensing system module transparently forms a license record inquiry message. The message is transparently sent to the database over a public network, such as the Internet, to determine whether a valid license record exists in the database for the software application. The database forms and returns an appropriate response message that is interpreted by the licensing system module. The software application can then be appropriately enabled or disabled by the licensing system module. The receipt of the license record inquiry can be recorded in the database to monitor software use.

BACKGROUND

[0001] The present invention relates to software licensing, and in particular to a system for automated monitoring and management of licensed software.

[0002] It is well known that software is not purchased, but only licensed for use. Software, unlike manufactured products, can be freely copied and distributed. Hence, software providers are largely limited in their choice of control means. Unfortunately, a software license is merely a legal mechanism, and cannot literally prevent illicit copying of proprietary software. A typical software license grants a permit to use the licensed software application on a particular machine and, perhaps, the generation of backup copies for personal use. A software license provides a software provider with a legal instrument against impermissible use of licensed software. However, there remains no effective mechanism for preventing or monitoring illicit copying or illegal proliferation in the first place. Hence, software providers must rely on the public to not pirate software, and rely on their licensees to abstain from furnishing copies of software to friends or others. A significant amount of software piracy occurs in commercial settings. Commercial licensees are usually vigilant about license compliance. However, even the most attentive MIS manager (Management Information Systems) cannot prevent employees from copying software off of company machines for their personal use. As a result of illicit copying, software providers must adjust their prices, forcing legitimate buyers to pay higher prices to offset revenue losses.

[0003] Although losses due to piracy are estimated in the billions of U.S. dollars, such estimates remain mere projections. This is because there is no way of determining how widely software is copied. More specifically, there is no mechanism by which to monitor the proliferation and use of software, copied or otherwise. Statistics regarding the use of legitimately purchased software also remain unknown to software providers and vendors. Despite sales data, purchased software may be found ineffective by users and sit, unused, on hard drives. Consequently, software providers may not have a firm understanding of how their products are being received by users. Whether used or not, most proprietary software contains some security mechanism and/or registration mechanism.

[0004] There are a number of schemes designed to prevent software from being copied, or to make use of copied software unduly burdensome. These schemes, however, are largely ineffective, complex, and add to development costs. Furthermore, for every protection scheme devised by programmers, there are hackers who will diligently go about undermining them. A first line of defense is to encourage legitimate users to register their licensed software.

[0005] Registration of software provides a software provider with a record of a valid license. Registration typically involves filling out and mailing a registration card that is provided in an off-the-shelf software package. A user may be asked to write in the serial number of the software set, along with other pertinent information. The defense mechanism in registration, albeit weak, is that a software provider will only render assistance and support to properly registered users. That is, a software provider will refuse to grant assistance to a user unless the user has properly registered their software.

[0006] The registration process also may involve responding to prompts generated by the software when it is first run. The prompt may be a security system asking the user to enter the serial number and/or a codeword to enable the software. The codeword may be a word appearing at prompt-designated locations in a user manual. This security scheme operates on the premise that a pirate will not ordinarily have a copy of the user manual. After the software is up and running, it may periodically prompt the user to re-enable the software by entering a different codeword appearing at varying locations in the user manual. This scheme is subverted by copying the manual and registration number.

[0007] An on-screen registration/enablement process may involve writing the registration number to disk. This is only possible with floppy disks as CD-ROMs are, at present, a largely read-only medium. If the disk is used again to load the software application, the software may prompt the user with a warning that the software has already been loaded (e.g., “IS LOADING OF THIS SOFTWARE PERMITTED? RECORDS INDICATE THAT THIS SOFTWARE HAS ALREADY BEEN LOADED. YOU MAY BE IN VIOLATION OF YOUR LICENSE AGREEMENT.”). However, reloading of software may be normal in the event of hard disk failure. Consequently, software providers cannot feasibly prevent the software application from being loaded more than once. Furthermore, if first run registration enablement is required, copiers can simply copy the software repeatedly prior to registering the original copy.

[0008] Another security technique is to enable a software application for a defined period of time. This usually involves incorporating a date/time checking mechanism into the software application. Such a mechanism may be used where a software provider wants to supply, for example, a 30-day demonstration version of a software application for user evaluation. If the user decides to purchase a license following the evaluation period, the user may contact the software provider and supply payment information. Following approval (e.g., credit card) or receipt (i.e., check) of the payment, the software provider may supply the user with a regular copy of the software, or provide instructions or a codeword to disarm or reset the date/time checking mechanism.

[0009] In operation, a date/time checking mechanism records a date/time stamp when a software application is first brought up. Alternatively, or in addition, the date/time mechanism may start a timer when the application is brought up. The date/time stamp is compared with the system date/time information maintained by the computer to determine if the software application is to be disabled. To subvert such a system, users have been known to reset the system date and system time to prevent expiration. In response, some software providers have resorted to writing complex code schemes to disable the software in the event that the system date is tampered with. Such a security mechanism is often used to control licensed software used in a commercial setting.

[0010] Software sold for use in a commercial or institutional setting is frequently licensed for a predefined period of time. When such software is used on desktop computers, such computers are typically networked. The networked computers are usually connected to a file server, which file server may itself be tended by a computer management system that monitors and controls various file server groups. The file server computers act as a central location at which the desktop computers in the file server group can access files and applications. The file server also may facilitate the control of licensed software on the desktop computers. This occurs in the situation where the commercial software license is a so-called “floating license.”

[0011] Commercial software licenses for operating a plurality of desktop computers normally are of two varieties: “fixed” or “floating.” A fixed license permits a software application to run on certain designated computers (e.g., computer numbers one through five, in a ten computer file server group, are designated for the licensed software application). A floating license permits a certain number of applications to run on any number of computers at a given time. So an application operating under a floating license may be allowed to simultaneously run on no more than ten of twenty computers in a network at any given time. Licensing management software is maintained in the network file server to monitor the number of floating licenses being used.

[0012] Commercial software is prone to installation interruptions as it almost always requires involved enablement procedures. In accordance with regular industry practices, commercial software applications are ordinarily enabled following their installation by contacting the software provider for enablement instructions and/or enabling codes. This process is rarely instantaneous. The software provider usually confirms that the software license is proper and paid for before faxing, e-mailing, or even using regular mail, to provide a set of enabling instructions, enabling codes, or disk(s) with which to bring the application up. Consequently, the software remains disabled until additional instructions are supplied and followed, which are usually sent only after an enablement request is approved.

[0013] Management of floating licenses on networked computers involves two control software components: an application portion, and an authenticator portion. The application portion is nested within an application running on a desktop computer. The authentication portion is a code module contained in the file server that monitors and authorizes applications running on the desktop computers. When a user attempts to open the application software, the application portion code communicates with the authenticator code module to check to see if a floating license is available. If the maximum number of floating licenses are already being used, the software application is not allowed to open. Licensing control software also may be used to monitor defined term licenses to disable software in networked machines after license expiration.

[0014] If a commercial license expires, the software may be disabled, midstream, preventing users from completing projects. Re-enablement requires contacting the software provider to purchase an additional license or extension. This may require re-execution of enablement procedures with new instructions or codes. Hence, it may take some time before the software application is up and running again, which situation can seriously inconvenience users.

[0015] The common shortcoming shared by all licensed software is that it requires some form of manual intervention for registration, enablement, and/or re-enablement. Manual intervention is cumbersome and can render software useless until it is enabled or re-enabled. The paramount issue is, however, that software providers have no mechanism for monitoring and controlling the actual use, whether legitimate or illicit, of their product. Proprietary software is misappropriated on a global scale causing massive losses to software providers, which losses are inevitably passed on to legitimate licensees.

[0016] What is needed is a licensing system that allows software use to be monitored in an automated fashion, without user input. Moreover, a software licensing system is needed that permits a software provider to transparently control the use of licensed software.

SUMMARY

[0017] The present invention addresses the foregoing problems by providing a system for automatically determining whether a software application is licensed. In accordance with the invention, a generic licensing module, or “client module,” is provided that a software provider can attach to a software application. A software application having a client module attached thereto is hereinafter referred to as a “client application.” In accordance with preferred embodiments of the invention, a client application loaded on a computer having access to a public network, such as the Internet, automatically reports to a computer maintained by a software provider. The client module is a program, application, or like composition of code that is preferably nested in a compiled version of a software application (i.e., to form a client application). However, the client module can, in alternative embodiments of the invention, be attached to a previously compiled software application. Whether it is referring to a program nested in, or attached to a software application, the term client module is used throughout the present disclosure.

[0018] A client module utilizes the public network as a means to transparently send license inquiry request messages to, and receive license inquiry response messages from, a license server maintained by a software provider. The license server has a database on which license information, or records, are stored. The license server also can record information contained in license inquiry request messages, and thereby audit use of client applications. The license record can identify a license in accordance with a hardware address, or hardware identifier of the computer, such as an IP address.

[0019] Operation of an exemplary system incorporating the invention involves the client module in a client application generating inquiries that are sent to the license server in the context of an Internet communication session. The license server responds to the inquiry by investigating its database to determine whether a corresponding license record is present. The license server then forms an appropriate response message that is sent back to the client module.

[0020] If it is determined that the client application is not licensed (i.e., the database does not contain a corresponding license record), the response sent by the licensing server does not allow the client application to be enabled. If the client application is licensed (i.e., the database contains a record of a license), the response can allow the client application to be enabled, or re-enabled. In sum, the client application must be enabled for it to properly operate. Communication between the computer and the licensing server is generally transparent to a user. That is, the client module automatically forms a connection with the license server, sends a message, and receives a response, all without user input or notification.

[0021] Alternatively, an exemplary embodiment of the invention can be used to monitor use of client applications. Operation of an exemplary system incorporating the invention for monitoring client application use involves using the client module in the client application to generate messages that are sent to the licensing server. Such messages can be sent over any public network to which a user computer, upon which the client application is loaded, is connected. For example, a message can be sent to the license server in the context of an Internet communication session. The license server tracks, or audits, the use of client applications by recording pertinent information contained in a message generated by a client module. A database can be used to store the information. A software provider or vendor can access recorded information stored in the database to generate client application use reports. Such an auditing system can be a part, or a function of, a system for enabling, validating and/or disabling licensed software (i.e., client applications). When configured as such, audit data can be derived from license inquiry request messages. Furthermore, the license record database in the license server can be used to store the collected audit data. Alternatively, a separate database can be used.

[0022] In a personal computer setting, an exemplary process in accordance with the invention may involve utilizing a modem, or like device, in the computer. The client module generates and sends a license validity inquiry request message to a regional or central license server maintained by the software provider. The license server contains an agent module for communicating with the client module and a database containing license records. The database in the license server is checked to see if a valid license record exists for the requesting client application and computer. If so, a message is transmitted back that allows enablement or re-enablement of the client application. The licensing server also can record information corresponding to the request in the database containing the license records, or in a different database.

[0023] If a license record is not found, the client application is not enabled. A menu can be presented asking whether the user would like to purchase a license, and thus enable the software. The menu may direct a user to a Web homepage where a license can be purchased, automatically open a session to such a homepage, or provide a telephone number of a sales representative or automated operator. Optionally, the user can initiate a demonstration mode of operation to evaluate the client application.

[0024] In a commercial or institutional computer environment (i.e., networked computers), a licensing system in accordance with exemplary embodiments of the invention can involve a hierarchical arrangement of licensing modules arranged between client application(s) and a license server. At the desktop computer level, a client module monitors one, or more, software applications on the desktop computer. Computers, such as file servers, residing at each level of the network, between the desktop computers and the license server, contain licensing modules. Licensing modules include an agent component for communicating with a downstream client, a cache component for interim storage of license information, and a client component for communicating with an upstream agent.

[0025] Operation in an exemplary process involves the client module in a desktop computer communicating upstream with an agent component in a licensing module. A client component in that licensing module communicates upstream with an agent component in a next licensing module, whose client component, in turn, communicates with a next upstream agent, and so on. This arrangement is continued upward to converge on a license server which contains an agent module. However, the license server is maintained by the software provider. Consequently, the uppermost licensing module in the institutional network communicates with the license server by initiating a connection over a public network, such as the Internet. License enablement information is supplied to the uppermost licensing module by the license server, which information is propagated back downstream via the licensing modules. The cache components in the licensing modules can be used to store license records so that license inquiries can be addressed without having to forward the validation inquiry request messages to the license server.

[0026] In a preferred embodiment of the invention, as applied in a network environment, the client and agent elements are generic. That is, client modules in the desktop computers and client components in each of the network level computers are substantially similar. Agent components in the licensing modules and the agent module in the license server also are substantially similar. The cache components of the licensing modules are used to store information that defines the structure of license records. Any client can communicate with any agent and vice versa. This arrangement facilitates network configuration flexibility.

[0027] Operation of an exemplary system incorporating the invention in the network environment involves a client module in a client application forming and communicating a license validity inquiry request message upstream. An agent component in a nearest upstream licensing module receives the request. The licensing module checks its cache to determine if a license record exists corresponding to the request. The licensing module can then respond with an appropriate message. If the license information is not found at that level, the licensing module can forward the request upstream to determine if the license is of record in an upstream cache. This may continue up to the license server. When and if a license record is found, the information is copied into the cache of the licensing module nearest to the computer originating the request for future reference. In accordance with another aspect of systems incorporating the invention, the licensing modules periodically communicate upstream to fetch license information in order to revise and maintain currency of their cached license records. By doing so, a validity request can be addressed by a nearest upstream agent. Furthermore, periodic checking can permit management of request message traffic on the license server.
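The cache-and-forward lookup of paragraphs [0024] to [0027], sketched as an added example that is not part of the patent text. The class and method names are hypothetical; the sketch shows a license record being cached only at the licensing module nearest the requester, and a record removed at the license server staying valid downstream until the next periodic refresh.

```python
class LicenseServer:
    """Top of the hierarchy: authoritative license records (hypothetical model)."""

    def __init__(self):
        self.records = set()    # keys are (application name, hardware identifier)
        self.inquiries = 0      # how many inquiries actually reached the server

    def lookup(self, key, nearest=False):
        self.inquiries += 1
        return key in self.records


class LicensingModule:
    """Agent component (lookup), cache component, client component (upstream)."""

    def __init__(self, name, upstream):
        self.name = name
        self.upstream = upstream   # next licensing module, or the license server
        self.cache = set()

    def lookup(self, key, nearest=True):
        # Answer from the local cache when possible.
        if key in self.cache:
            return True
        # Otherwise forward upstream; this module is no longer the nearest one.
        found = self.upstream.lookup(key, nearest=False)
        # Copy the record only into the module nearest the originating computer.
        if found and nearest:
            self.cache.add(key)
        return found

    def refresh(self):
        """Periodic upstream check: drop cached records that no longer exist."""
        stale = {k for k in self.cache
                 if not self.upstream.lookup(k, nearest=False)}
        self.cache -= stale
        return stale


def build_chain():
    """Constructed topology: desktop -> department -> site -> license server."""
    server = LicenseServer()
    site = LicensingModule("site", server)
    department = LicensingModule("department", site)
    return server, site, department


if __name__ == "__main__":
    server, site, department = build_chain()
    key = ("Editor", "192.0.2.10")           # constructed sample record
    server.records.add(key)
    print(department.lookup(key), server.inquiries)   # first inquiry goes upstream
    print(department.lookup(key), server.inquiries)   # second is served from cache
    server.records.discard(key)                       # license removed at the server
    print(department.lookup(key))                     # still answered from stale cache
    print(department.refresh(), department.lookup(key))
```

The refresh interval therefore bounds how long a removed license keeps enabling downstream clients, which is the trade-off against the reduced request traffic on the license server.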

[0028] In accordance with an exemplary embodiment of the invention, license information is organized in class and sub-class designations. License information maintained on the license server covers blocks of underlying computers rather than the individual desktop computers themselves. This provides for efficient communication of license information between the license server, licensing modules, and desktop computers.

[0029] Whether used in a personal or commercial computing environment, systems incorporating the present invention allow client software to be enabled or re-enabled at any time without significant delay. Software applications operating in accordance with the present invention can be installed on any computer in the world having access to a public network, such as the Internet. If so desired, a client application can be configured to not operate unless it receives acknowledgment of the presence of a valid license record. As the use of computers expands globally, a licensing system in accordance with the present invention can ensure that a client application operating on any computer in the world is properly licensed.

[0030] In addition, in a personal or network computing environment, systems incorporating the present invention can be used to monitor client application use. Such a system can operate by recording information from license validity inquiry request messages that are received at the license server. Client application use, and corresponding details, can be recorded when the client module sends license inquiry request messages back to the license server. Alternatively, the system can be used in an audit-only mode whereby the client applications report relevant information back to the license server, but do not require an enabling response message to continue operating. As the use of computers expands globally, a licensing system in accordance with the present invention can assist in tracking client application use and proliferation.

[0031] Preferred embodiments of the present invention take advantage of the fact that an increasing number of computers, and computer networks, have direct access to the Internet. Systems in accordance with the present invention can utilize the Internet as the medium over which license validity inquiry request messages and their corresponding responses are transmitted.

[0032] In accordance with exemplary embodiments of the invention, if a client application does not receive enablement information, the client application is not enabled, or is disabled. Hence, any software application that contains a client module in accordance with the invention can be automatically enabled, or disabled. Furthermore, use of client module equipped applications can be tracked. Such a system allows software to be freely distributed while ensuring that a license is taken for its use, or at the very least, ensuring that the use of the software can be tracked.

BRIEF DESCRIPTION OF THE DRAWINGS

[0033] The foregoing, and other objects, features and advantages of the present invention will be more readily understood upon reading the following detailed description in conjunction with the drawings in which:

[0034] FIG. 1 depicts a desktop computer in accordance with an exemplary embodiment of the invention;

[0035] FIG. 2 depicts a flow diagram for operating the arrangement of FIG. 1 in accordance with an exemplary process incorporating the present invention;

[0036] FIG. 3 depicts a regional server scenario in accordance with an exemplary embodiment of the invention;

[0037] FIG. 4 depicts a computer network arrangement in accordance with an exemplary embodiment of the invention;

[0038] FIG. 5 depicts a symbolic representation of the computer network of FIG. 4;

[0039] FIG. 6 depicts an additional exemplary embodiment of the invention wherein multiple software application licenses are managed; and

[0040] FIG. 7 depicts an additional exemplary embodiment of the invention in a portable computer.

DETAILED DESCRIPTION

[0041] FIG. 1 depicts a personal computer system in accordance with an exemplary embodiment of the invention. The system includes a personal computer 100 that has a client application 103 residing on a hard drive 104. The client application 103 is comprised of a software application 102 and a client module 108. The computer 100 includes a modem 106. The client module 108 operates to enable or disable the software application 102 pursuant to a response from a license server 110 in the context of license validity inquiries. The license server 110 contains a database 112 having license records recorded thereon, and an agent module 114 that communicates with the client module 108. The licensing server 110 is typically maintained by the software provider who developed the software application 102. Alternatively, the license server 110 can be maintained by a contracted service provider. In a preferred embodiment, the client module 108 and the agent module 114 communicate over the Internet 116. However, the client and agent can communicate over any public network. As used herein, the term public network encompasses not only networks that are freely available to the public, generally, but also any private network which can be subscribed to. The depiction of the client module 108 is merely for descriptive and illustrative purposes. The client module 108 can be code nested within the software application 102.

[0042] In accordance with an exemplary embodiment of the invention, the client module 108 automatically initiates a process to determine whether the software application 102 is validly licensed. This can happen each time the client application 103 is brought up. The licensing module 108 operates transparently and utilizes the modem 106 to form a connection with the licensing server 110. Once the connection is made, the client module 108 sends a license validity inquiry request message to the license server 110. The agent module 114 receives the request and queries the database 112 to determine whether a license record exists that corresponds to the client application 103 and computer 100. The license server 110 also can record relevant information contained in the license validity inquiry request message to audit the use of the client application.

[0043] Pursuant to the query, a response message is generated and returned back to the client module 108 by the agent module 114. If the query finds a valid license record, the response message indicates the license record's existence and location in the database 112. The client module 108 can record the license record location for future reference. If a license record is not located in the database 112, an appropriate response message is generated and returned. The presence of a record permits the client module 108 to enable, or to allow continued operation of (i.e., re-enable), the software application 102.

[0044] If the query of the database 112 returns an indication that a license does not exist, the client module 108 can pursue any one of many courses of action. The first possible course of action is to not enable the software application 102, or to disable it if it is presently operating. The client module 108 also may supply an appropriate message to the user indicating that a license does not exist for the client application. Alternatively, the client module 108 can supply a message instructing the user as to where and how a license can be purchased. This may involve directing the user to telephone the software provider's sales department, or the message can direct the user to an appropriate Web site homepage on a Web server 118 where the software can be purchased.

[0045] If a license is purchased via a homepage on the Web server 118, the Web server 118 can automatically update the database 112 with the information supplied by the user or the computer 100 (e.g., IP address supplied in the context of a Web session), thereby creating a valid license record. A subsequent client module license inquiry will allow the client application 103 to be enabled. If the license purchase transaction fails for any reason (e.g., a credit card supplied is not approved), the license record can be removed from the database 112 by the software provider. This has the effect of disabling the client application in a next license validity inquiry. The practical effect of such a system is to be able to provide software that is freely distributable. Any user in possession of the client application 103 will not be able to use it until a license is procured and a license record is established.

[0046] An exemplary process of operating the arrangement depicted in FIG. 1 is shown in the flowchart of FIG. 2. The frequency and timing for performing a license validation check can be selected according to the discretion of the software application designer. In the exemplary process depicted, the client module performs an initial check each time the software application is brought up (step 200). The license validity checking process is initiated (step 202) by utilizing a modem to form an Internet connection between the computer 100 and a licensing server (step 204). This may be done by having the client module instruct the modem to dial a 1-800 number maintained by the software provider that accesses a local Internet gateway (if used in the United States).

[0047] Once the connection is confirmed (step 206), the client module 103 forms a license validity inquiry request message (step 208). The request message may contain information such as the application name, the application version number, a date/time stamp, the name of a license server 110 (if several license servers are maintained by the software provider), and a hardware identifier, such as the IP address of the computer 100. After formation, the request message is sent to the license server 110 (step 210) over a public network. The agent module 114 in the license server 110 forms a query (step 212) to determine whether a corresponding license record is stored in the database 112 (step 214). The agent module 114 also can record audit information from the request message (step 213). If the query locates a record of a license for the request, a response message is returned having a license ID field comprising a pointer to the location of the license record in the database 112 (step 218). If the query does not locate a record of a license for the request, a response message is returned having a null indication in the license ID field (step 216). The response message is returned to the client module 108 (step 220) after which the Internet connection is closed (step 222).

[0048] The client module 108 investigates the response message to determine whether the license ID field contains a license ID (step 224). If the license ID field is null, the client module 108 fails to enable the software application, or disables it (step 226). The client module 108 may then prompt the user with any variety of messages (step 227). For example, the user may be prompted to assess whether a demonstration period of operation would be acceptable. If so, this information can be recorded in the client module 108 and be passed upstream in the context of a next validity inquiry request message. The server 110 will record this information in the database 112. Alternatively, the user can be prompted to contact a sales representative or automated operator to purchase a license, or directed to a Web homepage where a license for the software application can be purchased. In the event of a license purchase, the database 112 can be automatically updated to record the license. Thereafter, a validity check will find a license record and allow the client application 103 to be enabled.

[0049] If the license ID field contains a license ID, this information is recorded by the client module 103 for future use (step 228). The client module 108 then enables the software application 102 (step 230). The client module may, at this point, start a timer (step 232) for periodic checking of license validity. Such a validity check is automatically initiated when the timer expires (step 234). The client module also can be configured to initiate a validity check whenever an interrupt is present indicating a certain activity (step 236), such as printing or saving.

[0050] Periodic checks performed at timer expiration, or upon appropriate interrupt, use the license ID, which is a pointer, to directly access the database record corresponding to the license. If the license record is found, a response message indicates so, the software remains enabled, and the timer is reset. If the record is found empty, it may indicate that the license has expired. The response message will indicate this, and the software can be disabled. Alternatively, the user may be requested to renew the license within a certain period of time before the software application 102 is disabled.

[0051] The date/time stamp information passed upstream in the license validity inquiry request message can be used to detect whether the system date/time information on the computer 100 has been tampered with. This is done by comparing the date/time information passed in the request message with the date/time information maintained on the licensing server 110. Furthermore, in preferred embodiments of the invention, license ID information is communicated between the client module 108 and the agent module 114 in an encrypted form, as explained in greater detail below.

[0052] In the event that no license is found, several response options are available which vary according to the requirements of, and discretion of a designer of the software application 102. As previously mentioned, a response can be to provide the user with a phone number through which a software license can be purchased, or to direct the computer user to a Web homepage maintained by the software provider. Alternatively, the client module 108 can directly initiate a session with the Web server 118 that supports a homepage through which the user can purchase a license. A first screen on such a homepage can prompt the user to indicate whether the purchase of a full license would be desirable, or whether a demonstration period is preferable to evaluate the application. If neither of these options is selected the session is terminated. If the user opts to take a license, the user can be prompted with questions asking which features in the software application are to be enabled (the price of the license can be adjusted accordingly). The session can conclude with the presentation of a payment screen inviting the user to enter credit card information, or to call a sales representative in order to supply payment information.

[0053] If credit card information is supplied in the homepage session, it can be gathered using the system disclosed in the U.S. patent application Ser. No. (BDSM Attorney Docket No. 025553-014) entitled: “System for Securely Storing Information Received Over a Public Network,” by Coley and Wesinger, filed on Feb. 6, 1996, and incorporated herein by reference in its entirety. Once the credit card information is entered, a response message can be sent to the client module 108 temporarily enabling the software application 102. The database 112 can then be automatically updated with a license record. If a credit card turns out to be invalid, the license server database 112 can be updated accordingly by removing the license record and thereby disabling the software pursuant to a next inquiry.

[0054] The exemplary inventive system described above allows client applications (i.e., software applications having client modules) to be freely distributed while reasonably ensuring that they are, or will be, licensed if used. Any software application having a licensing system client module attached will not operate unless and until the license system client module receives authority to enable the software application. Such a system allows global proliferation of the software, even in the form of a copy. However, such widespread use of client applications may result in the license server 110 being inundated with validity request message traffic. A dedicated license server can be set up to handle all of the license inquiry traffic for a particular software application. Alternatively, some form of traffic management can be invoked.

[0055] Traffic management can take many forms. It can involve establishing regional license servers according to a geographic arrangement that permits efficient response to any licensing inquiry request messages. A client application initialization process can be used wherein a user enters the location (e.g., zip code, city, and country). This information can be used by the client module to select an appropriate autodial telephone number whereby a nearest software provider license server can be accessed.

[0056] Regional license servers can receive license information propagated from a central licensing server. Client modules can contact their regional license server to assess whether license records exist for their corresponding client applications. Because use of the Internet is contemplated as a means for communicating licensing inquiry and response messages, the regional license server designated for a particular client module can be assigned in accordance with efficient network, and/or geographic, considerations. This can facilitate provision of a swift response to license validity inquiry request messages.

[0057] An arrangement of regional licensing servers in accordance with an exemplary embodiment of the invention is depicted in FIG. 3. Regional licensing servers 302 are comprised of an agent component 306, a database component 308, and a client component 310. A client module in a desktop machine 300 communicates with an agent component 306 in an assigned regional license server 302 over a public access network, such as the Internet 316. The client component 310 in the regional license servers 302 communicates with an agent module 314 in a central license server 304. License information can be systematically directed from the central license server 316 to appropriate regional license servers 302 in accordance with information supplied when the license is procured. Alternatively, the regional license servers 302 can systematically request license record information with which to update their database components 308.

[0058] A variation on the regional license servers 302 can be used in a licensing management system incorporating the invention for application in a commercial setting. That is, wherein computers are networked in a hierarchical arrangement within a company or institution.

[0059] FIG. 4 depicts a commercial network system in accordance with an exemplary embodiment of the invention. Desktop machines 400 are organized in file server groups. The file server groups are administered by file server computers 402 through networks 404. The file server groups can, for example, serve various design teams in a research and development facility of a corporation. The file servers 402 in the R&D facility are, in turn, tended by a minicomputer 406. The minicomputer 406, and minicomputers 408 and 410 at other facilities (e.g., manufacturing and sales) are networked under a main computer 412 located, e.g., at the headquarters of the corporation. In accordance with an embodiment of the invention, each desktop computer 400 contains a client module for monitoring one or more client applications. The client modules in the desktop computers 400 communicate upstream with licensing modules contained in respective file server computers 402. The licensing modules in the file server computers 402 communicate with a licensing module in the minicomputer 406, which licensing module, in turn, communicates with a licensing module in the main computer 412 at the corporation headquarters. The licensing module in the main computer 412 uses a public network, such as the Internet 414, to communicate with a license server 416 maintained by a software provider who developed the software application(s) on the desktop computers 400. Main computers 413 and 415 at other corporations or institutions also can communicate with the license server 416 to communicate license inquiry and response messages.

[0060] A representation of the network scenario depicted in FIG. 4, illustrating licensing system components in accordance with an exemplary embodiment of the invention, is shown in FIG. 5. Various network computers are depicted in symbolic form to assist in illustrating the components involved in the exemplary embodiment of the invention. Desktop computers 500 contain software applications 514 having licensing system client modules 516 attached thereto. The desktop computers 500 are tended by group file servers 502 on networks 504. Each of the group file server computers 502, minicomputers 506, 508 and 510, and a main computer 512 contain a licensing module. A licensing module comprises an agent component 518, a cache memory component 520, and a client component 522. The license server 526 maintained by the software provider contains an agent module 524. For any of the licensing modules in the intermediate computers between the desktop computer 500 and the license server 526, the licensing module's client component 522 communicates with the agent component 518 of an upstream licensing module, or with the agent module 524 of the license server. The licensing module's agent component 518 communicates with a downstream licensing module's client component 522, or a client module 516 in a desktop computer 500. Communication between the upper-most licensing module in the internal network (i.e., licensing module 512) and the agent module 524 in the license server 526, is conducted over a public network, such as the Internet 528.

[0061] An audit function can be implemented in a networked embodiment of the present invention in a number of ways. For example, the upper-most licensing module 512 can maintain software, such as an audit tool 530, that tracks use of client applications in underlying computers in the network. An audit report can be periodically generated and sent upstream to the license server 526. The license server 526 can record and interpret the audit report to monitor use of client application software. Alternatively, license validity inquiry request message traffic from individual client applications can be recorded in the license server 526. Audit information can be used to generate billing invoices.

[0062] An additional aspect of the aforementioned audit system permits an MIS manager at a corporation or institution to monitor the use of client applications for internal audit purposes. Such a system operates by monitoring license inquiry traffic passing through a network to and from a license server. In an exemplary embodiment, such a system involves maintaining internal auditing software (e.g., a tool or utility program) in an upper-most level licensing module in an internal network. A report can be generated by the internal auditing software tool. Data in the report can be derived from information collected at the upper-most licensing module. The MIS manager can use the internal audit reports to manage the licensing arrangements of the client applications on the network. For example, if a network of twenty desktop computers is frequently using a maximum number of floating licenses for a particular client application, the MIS manager can ascertain this by reviewing internal audit records, and take appropriate action.

[0063] In accordance with preferred embodiments of the invention in a network setting, each of the agent-type components, and each of the client-type components are generic. That is, any given agent component 518, and the agent module 524 in the license server 526, are substantially similar. The same is true of the client components 522 and the client modules in the desktop computers 500. The parameters maintained by, and passed between various license system elements define the licensing system structure.

[0064] In accordance with a preferred embodiment of the invention, the license system operates by distributing licensing information to the cache components 520 in the licensing modules in response to inquiry requests. The information contained in a particular cache component 520 is specific to subordinate software applications 514, or licensing modules. In accordance with a preferred embodiment, license information is organized by class designations. Individual licenses for client applications on desktop machines 500 can be covered by sub-class licenses maintained in the cache components 520 in the file server computers 502. The sub-class licenses on the file server machines 502 can, in turn, fall under a class license maintained in the cache component 520 of the minicomputer 506. The class license maintained on the minicomputer's licensing module can be designated under a block license maintained in a cache component 520 of the main computer 512. The client component 522 of the main computer's licensing module communicates with the license server 526 to verify block licenses.

[0065] Validity inquiry traffic is managed in the exemplary system of FIG. 5 through the use of the aforementioned license class designation structure and through periodic updating of caches in licensing modules. By maintaining license information in a class/sub-class designation, a single license validity inquiry generated by, for example, a file server's licensing module, can enable a sub-class license that covers the client applications of all of the desktop computers 500 in the file server's group. This is generally more efficient than having each desktop computer 500 individually validate its own license through the license server 526. Furthermore, because the sub-class license maintained on the file server itself can fall under a class license maintained on the minicomputer, the validity inquiry by the file server may be addressed by the minicomputer rather than forwarding the request further upstream.

[0066] In accordance with a preferred embodiment of the invention, licensing modules periodically and systematically initiate license validity inquiries upstream. The responses to the periodic inquiries are recorded into the cache components of the licensing modules. As a result, client modules and client components need ordinarily communicate with a next upstream agent to be enabled, re-enabled, or to update their caches. Periodic self-validation updating of the licensing modules also provides for more uniform request traffic on the licensing server 526. This can provide efficiencies in propagating license information from the licensing server in response to license validity inquiries. Of course, the foregoing system can operate by passing individual license validity request and response messages through the licensing modules.

[0067] The result of the hierarchical arrangement is to control the flow of validity inquiry traffic received and responded to by the licensing server. If a license server dedicated to a particular client application is employed, the license server may be able to handle all of the license inquiry traffic received. However, if a single license server handles license validity inquiry requests for a variety of client applications, request traffic management may be needed. By arranging the system in a hierarchical fashion and designating the licenses in accordance with class and hierarchical subclass designations, the licensing server can manage request traffic for several different client applications.
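An added illustration (not code from the patent) of how the class/sub-class caches of paragraphs [0064] to [0067] absorb inquiry traffic, and of the consequence that a revoked license stays enabled downstream until the caches refresh. License paths written as tuples, the refresh intervals, and refreshing a stale cache on the next inquiry rather than on a timer are assumptions of this sketch.

```python
def covers(held, requested):
    """True if license path `held` equals or is an ancestor of `requested`."""
    return requested[:len(held)] == held


class LicenseServer:
    """Software provider's license server; verifies block licenses."""

    def __init__(self, block_licenses):
        self.block_licenses = set(block_licenses)
        self.inquiries = 0

    def inquire(self, requested, now):
        self.inquiries += 1
        return any(covers(block, requested) for block in self.block_licenses)


class LicensingModule:
    """Agent, cache and client component of one intermediate computer."""

    def __init__(self, held, upstream, refresh_interval):
        self.held = held                  # license path kept in this cache
        self.upstream = upstream          # next agent towards the license server
        self.refresh_interval = refresh_interval
        self.cached_valid = False
        self.last_refresh = None
        self.inquiries = 0

    def self_validate(self, now):
        """Client component: validate the cached license with the upstream agent."""
        self.cached_valid = self.upstream.inquire(self.held, now)
        self.last_refresh = now

    def inquire(self, requested, now):
        """Agent component: answer a downstream inquiry from the cache."""
        self.inquiries += 1
        if self.last_refresh is None or now - self.last_refresh >= self.refresh_interval:
            self.self_validate(now)
        return self.cached_valid and covers(self.held, requested)


def simulate():
    """Constructed hierarchy after FIG. 5; names and intervals are sample values."""
    server = LicenseServer({("acme",)})                       # block license
    main = LicensingModule(("acme",), server, 3600)
    mini = LicensingModule(("acme", "rnd"), main, 1800)       # class license
    file_server = LicensingModule(("acme", "rnd", "team-a"), mini, 600)  # sub-class
    desktops = [("acme", "rnd", "team-a", f"desk-{n}") for n in range(20)]

    enabled = {}
    for now in (0, 20, 600, 1800, 3600):
        if now == 20:
            server.block_licenses.clear()   # provider revokes the block license
        enabled[now] = sum(file_server.inquire(d, now) for d in desktops)
    return {"enabled": enabled,
            "server_inquiries": server.inquiries,
            "main_inquiries": main.inquiries,
            "mini_inquiries": mini.inquiries,
            "file_server_inquiries": file_server.inquiries}
```

In `simulate()` the twenty desktops cost the license server a single inquiry at start-up, and the revocation made before t=20 reaches them only at t=3600, when the top-level cache is refreshed.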

[0068] Client components and modules contain a set of license management procedures for handling license record information. In accordance with an exemplary embodiment of the invention, three validation procedures are used: Check Out License, Validate License, and Check In License. Check Out License is responsible for the initial enablement of a client application. Validate License is responsible for periodic re-enablement of a client application. Check In License can be used for decrementing a floating license count, or indicating client application status in a database license record when use of a client application is completed. Check In License also may be used for disabling a license or feature after its use in the event that there is a per-use cost associated with the software. The following exemplary process descriptions are provided for a case wherein a client application is validating itself directly, or indirectly (i.e., through one or more licensing modules) over the Internet.

[0069] Each of the procedures involves initially forming a connection with a corresponding upstream agent. The agent can be the agent component of a licensing module in an upstream network file server, or like machine containing a licensing module. Or the upstream agent may be the agent module in a license server in which case the connection is formed over a public network, such as the Internet.

[0070] When a client application is first brought up, the Check Out License procedure is initiated. The purpose of the Check Out License procedure is to enable the software application to which the client module is attached. In addition, the Check Out License procedure can be used to track the proliferation of a client application. In accordance with an exemplary process incorporating the invention, the client module's Check Out License call generates a client data structure containing: the name of the software application, any feature name(s) that is to be enabled, the name of the upstream agent component/module, a hardware identifier of the computer containing the client application, a date/time stamp, and a version number of the licensing system. Other fields are created in the client data structure that are filled in by the upstream licensing module or license server.

[0071] Prior to, concurrently, or following the formation of the client data structure, the client module forms a connection with the upstream agent component designated in the client data structure. Once the connection is completed, the Check Out License procedure sends a license validity inquiry request message to the upstream agent, which request message contains the contents of the client data structure. Alternatively, the entire data structure can be sent. The information from the client data structure is used by the upstream agent to form a query with which to determine the existence, if any, of a license record for the client application. In the case where the upstream agent is the agent module in the license server, the query is performed on the server database. In the case where the upstream agent is an agent component in a licensing module (e.g., in a file server) the query is performed on the licensing module's cache component.

[0072] If the query finds a license record in the database or cache, the location of that record, in the form of a pointer, is generated for storage in a license ID field in the client data structure. The licensing module also generates an authorization ID for storage in a field of the same name in the client data structure. If the query does not locate a license record, the license ID field and authorization ID field are left blank (i.e., nulled). Following the query, a license validity inquiry response message is formed by the agent and returned to the client. The response message contains the license and authorization IDs, if any, that are to be stored in the client data structure.

[0073] The client module investigates the client data structure content returned by the agent component/module to analyze the license and authorization ID information contained therein, if any. If these fields indicate the presence of a valid license, the client module enables the software application. The license and authorization IDs are stored in the client data structure in the client module for future license validation checks. If the data structure fields for the license and authorization IDs are null, the client application is not enabled and the client data structure is deleted from the client module.

[0074] The database or cache query also may involve a comparison of the date/time stamp contained in the client data structure with date/time information maintained by the license server or license module system. This added security measure can detect a user's tampering with system time and date information on their computer. If the particular software application is operating in a demonstration mode for a predefined period of time, the date/time stamp passed in the client data structure can be used as an initial check of whether the demonstration period has expired. If there is date/time corruption, the client application can be disabled.

[0075] In an audit function, the contents of a message generated by the Check Out License procedure can be recorded in the license server or upstream licensing module. Relevant information recorded by the license server can include, but is not limited to, the hardware identifier of the computer upon which the client application is loaded (e.g., the IP address), the application name, feature names, and the application version number. Additionally, a client module registration number, or like identifying means, can be nested in a client application. This registration number also can be passed upstream in a request message for audit recordation. A client module registration number allows a software provider to track the proliferation paths and patterns of copied client applications. Consequently, a software provider can determine the source of copied software. A software provider can force a user to attach a non-connected computer to a network access point by supplying a prompt indicating to the user that a client application will not enable unless and until it checks in. Consequently, if the user chooses to use the client application (i.e., attach the computer to a network access point), the software provider is informed of the client application's use.

[0076] A second process initiated by a client module or a client component is the Validate License procedure. This process determines whether a previously enabled client application is still validly licensed. The procedure can be called at any time. For instance, the initiation of the Validate License procedure can be in response to a timer expiration (i.e., a periodic check) or at the appearance of a system interrupt (e.g., printing is selected). The Validate License procedure, in accordance with an exemplary process incorporating the invention, generates a new client data structure containing: the name of the software application, any feature name(s) that is to be enabled, the name of the upstream agent component/module, the license ID, the authorization ID, a date/time stamp, and the version number of the licensing system.

[0077] Following completion of the upstream connection, the Validate License procedure sends a license validity inquiry request message to the upstream agent, which request message contains the new client data structure contents. The license ID information in the client data structure is used by the upstream agent to directly access the memory location where the license record was previously located. If the query finds a license record, a new authorization ID is generated by the agent and stored in the authorization ID field in the client data structure. If a license record no longer exists, the license ID field and authorization ID field are nulled. A license validity inquiry response message containing the client data structure is then formed by the agent and returned to the client module.

[0078] The client module investigates the data structure contents returned in the response message to analyze license and authorization ID information. If the authorization ID indicates the continued presence of a valid license, the client module allows the client application to remain enabled. The new authorization ID is stored in the client data structure in the client module for future license validation checks or to check in the license. If the data structure fields for the license and authorization IDs are null, the client application is disabled and the client data structure is deleted. Alternatively, the user can be prompted to indicate whether a new license would be desirable. If so, any of the procedures previously described can be used to procure a new license (e.g., access a Web homepage).

[0079] The Check In License procedure can be used to return a license or disable a feature when a user has completed use of the client application or a feature contained therein. The procedure, in accordance with an exemplary process incorporating the invention, generates a new client data structure containing: the name of the software application, any feature name(s) that is to be disabled, the name of the upstream agent component/module, the license ID, the authorization ID, a date/time stamp, and the version number of the licensing system.

[0080] Following completion of the upstream connection, the Check In License procedure sends a license check in request message to the upstream agent, which request message contains the new client data structure contents. The license ID information in the client data structure is used by the upstream agent to directly access the memory location where the license record was previously located. The existing license record is modified to indicate the disablement of a feature, or is deleted (if the agent is the agent module in the license server). If the agent is an agent component in a licensing module, the license is designated for deletion. This information is passed upstream in a license check in request message subsequently sent upstream by the licensing module in its next periodic self-validation. The license and authorization ID fields of the client data structure are nulled, and a license check in response message containing the client data structure is then formed by the agent and returned to the client module. The client module then deletes the client data structure.
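The Check Out, Validate and Check In exchanges of [0070] to [0080], together with the date/time comparison of [0074], as an added Python illustration that is not code from the patent. The field names, the 300-second skew tolerance, random authorization IDs, a dictionary key standing in for the pointer-valued license ID, and the agent's check that a presented authorization ID is the current one are all assumptions.

```python
import secrets
from dataclasses import dataclass, replace
from typing import Optional

MAX_SKEW = 300  # seconds of tolerated clock difference (assumed value)


@dataclass(frozen=True)
class ClientData:
    """Client data structure of [0070]; the field names are assumptions."""
    app_name: str
    hardware_id: str
    timestamp: int
    agent_name: str = "license-server"
    system_version: str = "1.0"
    license_id: Optional[int] = None
    authorization_id: Optional[str] = None


def nulled(msg):
    return replace(msg, license_id=None, authorization_id=None)


class AgentModule:
    """In-memory stand-in for the license server's agent module and database."""

    def __init__(self, clock):
        self.clock = clock    # callable giving the server's own time
        self.records = {}     # license ID -> license record
        self.audit = []       # every inquiry is recorded, granted or not

    def add_license(self, app_name, hardware_id):
        license_id = max(self.records, default=0) + 1
        self.records[license_id] = {"app": app_name, "hw": hardware_id, "auth": None}
        return license_id

    def _accept(self, kind, msg):
        """Audit the inquiry, then reject timestamps far from server time."""
        self.audit.append((kind, msg.app_name, msg.hardware_id, msg.timestamp))
        return abs(self.clock() - msg.timestamp) <= MAX_SKEW

    def _record_for(self, msg):
        """Added hardening (assumption): the authorization ID must be current."""
        rec = self.records.get(msg.license_id)
        ok = rec and rec["auth"] and msg.authorization_id and \
            secrets.compare_digest(rec["auth"], msg.authorization_id)
        return rec if ok else None

    def check_out(self, msg):
        if self._accept("check_out", msg):
            for lid, rec in self.records.items():
                if (rec["app"], rec["hw"]) == (msg.app_name, msg.hardware_id):
                    rec["auth"] = secrets.token_hex(16)
                    return replace(msg, license_id=lid, authorization_id=rec["auth"])
        return nulled(msg)

    def validate(self, msg):
        rec = self._record_for(msg) if self._accept("validate", msg) else None
        if rec is None:
            return nulled(msg)
        rec["auth"] = secrets.token_hex(16)   # new authorization ID each check
        return replace(msg, authorization_id=rec["auth"])

    def check_in(self, msg):
        if self._accept("check_in", msg) and self._record_for(msg):
            del self.records[msg.license_id]  # server-side record is deleted
        return nulled(msg)


class ClientModule:
    """Client module attached to one application on one computer."""

    def __init__(self, agent, app_name, hardware_id, clock):
        self.agent, self.clock = agent, clock
        self.app_name, self.hardware_id = app_name, hardware_id
        self.stored, self.enabled = None, False   # kept structure, app state

    def _call(self, procedure):
        ids = self.stored or ClientData("", "", 0)
        request = ClientData(self.app_name, self.hardware_id, self.clock(),
                             license_id=ids.license_id,
                             authorization_id=ids.authorization_id)
        response = procedure(request)
        self.enabled = None not in (response.license_id, response.authorization_id)
        self.stored = response if self.enabled else None
        return self.enabled

    def check_out(self):
        return self._call(self.agent.check_out)

    def validate(self):
        return self._call(self.agent.validate)

    def check_in(self):
        return not self._call(self.agent.check_in)
```

The hardware identifier is reported by the client itself, so the record match in `check_out` is only as trustworthy as that value; the audit list still captures every inquiry, including refused ones.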

[0081] It is important to note that, in a network setting incorporating the aforementioned exemplary processes, the client components of the licensing modules also can use the Check Out, Check In, and Validate License procedures to update licensing records stored in their cache components. Performance of these procedures by the licensing modules is substantially similar to performance of the procedures by a client module. However, the corresponding license ID, instead of referring to an individual client application, can refer to a class or sub-class license that covers a block of underlying client applications, or licensing modules. As previously mentioned, the Validate License procedure can be periodically initiated by the licensing modules to systematically update the contents of their caches and to provide for request traffic management received at the license server. Automatically auditing cached license records improves the likelihood of a client application, or client component, finding a current license record in a next upstream agent in the context of a Check Out or Validate License procedure.

[0082] A licensing system in accordance with the invention, in a preferred embodiment, involves inserting licensing system code into a pre-compiled version of a software application and then compiling that application into a single executable client application. However, in accordance with another embodiment of the invention, the licensing system can be provided as a module that is inserted into an existing software structure on a computer network. Such a system can be used to monitor software application use in a computer network that does not otherwise have a means to audit application use. This type of system can be used by individuals, such as MIS managers, who wish to audit software application use activity in a network. In an exemplary embodiment, a client module installed in an individual desktop computer “wraps around” software applications selected for monitoring. When the wrapped application is used, or seeks a floating license from a file server, a licensing module installed in the file server computer records the activity. In a floating license system, the licensing module can be configured to always reserve a license for use by certain individual computers (e.g., the CEO's computer). Audit records generated by the licensing module can be periodically checked by the MIS manager to see if adjustments are needed (e.g., purchase a greater number of floating licenses).

[0083] A variation of the latter system also can be installed in an existing network to retrofit a licensing management system. Client modules wrap previously installed applications thereby converting them into client applications. The client modules on individual computers monitor and/or control client application use. The client modules can report to licensing modules in upstream file servers, or report directly to a license server over a public network. Such a system can be used by software providers as an aftermarket component installed on top of existing software systems. In such a setting, a client module can be responsible for handling license validation of more than one client application loaded on the computer. If two or more client software applications on a computer are by a same software provider, the client module can generate a single validity request message covering each wrapped client application. Such a system has the effect of providing a generic licensing validation system for all of the licensed software on a desktop machine supplied by a particular software provider.

[0084] An exemplary licensing system that can be retrofitted in an existing computer network is depicted in FIG. 6. An individual computer 600 has a client module 618 installed therein. The client module 618 is wrapped around one or more software applications 620, 622, 624 and 626 to create client applications. In a preferred embodiment, the client applications are specific to the software provider who is retrofitting their networked software with the licensing system. However, if a license record database is configured as a “clearing house,” whereby a multitude of software providers consolidate license information in a single server or a network of license servers, the client module 618 can validate software licenses by a variety of software providers. The client module 618 can enable, or validate, the client applications by communicating with a licensing module in a file server 602. The licensing module in the file server 602 also is a retrofitted component in the license system. Licensing modules are installed in each of the computers (e.g., file servers, minicomputer, main computers) that form the network hierarchy. Operation of such a system is substantially similar to that of a network embodiment of a license management system described above. Alternatively, client modules can communicate directly with a license server 604 over a public network, such as the Internet 616.

[0085] As mentioned in the Background above, software licensing management systems conventionally maintain proprietary, that is application specific, licensing code in software applications (i.e., application portion). Corresponding proprietary licensing code also is maintained in the file server or like network element (i.e., authenticator portion). Consequently, a conventional system typically has to maintain several separate licensing validation programs on a file server to check each of the software applications loaded on sub-tended computers. A system in accordance with the latter embodiment of the invention provides for a generic solution whereby a single client module is maintained on the desktop computer that handles all of the licensing management for the computer's client applications. Hence, the computers and corresponding servers need not contain several licensing system applications each having proprietary code.

[0086] Because the exemplary embodiments described above describe use of the Internet as a communications medium, the hardware identifier maintained in the client data structure is preferably the IP address of a computer. However, any other suitable hardware identifier can be used to identify the computer on which a client application or licensing module is loaded. For example, Intel's Pentium® processor contains an internal serial number that can be used as a hardware identifier. Alternatively, a hardware module can be provided that is designed specifically for a licensing system in accordance with the present invention. Such a hardware module can be attached to a parallel port on a computer and can be used as a tag to identify the computer. The client module in the computer scans the parallel port to acquire the computer's hardware ID for insertion into a client data structure.

[0087] The license ID maintained in the client data structure is used as a pointer to a location in the cache or database of a corresponding upstream licensing agent or server. The pointer designates the location of the licensing record. A license record at any given level can represent a relationship between the agent and an underlying client. That relationship, as designated by the license ID, can be used as a universal designator to replace designating a particular client/agent pair by application name, feature name, IP address, agent name, etc. Use of a license ID provides a more efficient means with which to track and communicate information regarding a particular license.

[0088] The authorization ID is used as a means to indicate the status of a license in response to an enablement or validation inquiry. The authorization ID also can be used as an acknowledgement to a Check In License procedure that permits a client application to delete a client data structure. Furthermore, the authorization ID also can be used to return a status message containing an error code, an indication that the server or agent is presently too busy to handle a query, an indication of a connection or communication failure, or any other like message. Another important task facilitated by the authorization ID is its use in supporting encrypted communication between a client and an agent.

[0089] Communication between clients and agents, in accordance with preferred embodiments of the invention, is encrypted. In an encryption scheme according to an exemplary embodiment, the authorization ID is used to pass back a key for use in encryption processing. The encryption scheme involves maintaining identical encryption engines in corresponding clients and agents. The key passed by the authorization ID is used as a common seed, or initialization vector, for initializing the respective encryption engines for encryption and decryption of messages. A new key is generated and passed back each time an agent responds to a client inquiry, which key is used in a next round of communications. The key is stored in the client module in the context of storing the client data structure (containing the authorization ID). In a subsequent client-to-agent communication the key is used for client encryption of a message. The message is then decrypted at the agent using the common key.

[0090] In order to allow encryption synchronization, all of the data structure fields in an initial communication between a client/agent pair are unencrypted. Subsequent communications have certain fields encrypted. In response to an initial communication, the agent passes back a first key. The message is then re-sent having designated fields of the client data structure encrypted. The response passed back by the agent in a next communication contains a new key for use in a subsequent communication. In this way, the client and agent maintain encryption synchronization by supplying the same key to their respective encryption engines. In accordance with a preferred embodiment, the key is a random number generated by an agent.

[0091] The encrypted fields of the data structure contents passing between a client and agent include the license and authorization IDs, and any proprietary data required for validation, such as floating license information. All of the fields of the data structure contents can be encoded; however, the application name, feature name, hardware identifier, and a licensing system version number are preferably left unencoded. In the event that there is a lack of synchronization, a client or agent can look to the unencoded information and revert back to a most recent encryption key. If there is still a lack of synchronization, a request is passed that the client return to the initial message state, thereby allowing both the client and agent encryption engines to reset.
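The key rotation and resynchronization described in [0089] to [0091], modeled as an added example that is not code from the patent. The XOR keystream engine, the message layout, the status strings and the sample values are assumptions, and only the license ID field is encrypted here.

```python
import hashlib
import hmac
import secrets


def engine(key, data):
    """Stand-in 'encryption engine' (assumption): XOR with a SHA-256 keystream.
    Encrypts and decrypts alike; illustration only, not a vetted cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Agent:
    def __init__(self, licenses):
        self.licenses = licenses   # (application, hardware_id) -> license ID
        self.sessions = {}         # same index -> (current key, previous key)

    def handle(self, msg):
        # The unencoded fields locate the record even when the keys disagree.
        ident = (msg["application"], msg["hardware_id"])
        expected = self.licenses.get(ident)
        if expected is None:
            return {"status": "NO_LICENSE", "key": None}
        if not msg["encrypted"]:
            # Initial message state: all fields in the clear, first key returned.
            if not hmac.compare_digest(msg["license_id"], expected):
                return {"status": "NO_LICENSE", "key": None}
            key = secrets.token_bytes(16)
            self.sessions[ident] = (key, None)
            return {"status": "KEY_ISSUED", "key": key}
        # Try the current key, then revert to the most recent earlier key.
        for key in self.sessions.get(ident, ()):
            if key and hmac.compare_digest(engine(key, msg["license_id"]), expected):
                fresh = secrets.token_bytes(16)     # new key for the next round
                self.sessions[ident] = (fresh, key)
                return {"status": "VALID", "key": fresh}
        # Still out of step: ask the client to return to the initial state.
        self.sessions.pop(ident, None)
        return {"status": "RESET", "key": None}


class Client:
    def __init__(self, application, hardware_id, license_id):
        self.application = application
        self.hardware_id = hardware_id
        self.license_id = license_id
        self.key = None            # no key stored yet: initial message state

    def build(self):
        encrypted = self.key is not None
        body = engine(self.key, self.license_id) if encrypted else self.license_id
        return {"application": self.application, "hardware_id": self.hardware_id,
                "encrypted": encrypted, "license_id": body}

    def absorb(self, response):
        if response["status"] == "RESET":
            self.key = None                         # both engines start over
        elif response["key"] is not None:
            self.key = response["key"]              # stored for the next inquiry
        return response["status"]


def run_demo():
    """Walk one client/agent pair through sync, a lost response, and a reset."""
    ident = ("editor", "192.0.2.10")                # constructed sample values
    agent = Agent({ident: b"LIC-0001"})
    client = Client(*ident, b"LIC-0001")
    log = [client.absorb(agent.handle(client.build()))]      # cleartext, first key
    log.append(client.absorb(agent.handle(client.build())))  # encrypted round
    agent.handle(client.build())                    # response lost in transit
    log.append(client.absorb(agent.handle(client.build())))  # previous key accepted
    client.key = b"\x00" * 16                       # simulate a corrupted key store
    log.append(client.absorb(agent.handle(client.build())))  # no stored key matches
    log.append(client.absorb(agent.handle(client.build())))  # cleartext again
    return log
```

In this model the first key is returned before any encryption is in place, so every later key is only as private as that first exchange.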

[0092] The frequency of validation checks is application dependent. A software designer can select when and how often validation checks are to occur, if at all. The licensing system can be configured in accordance with the needs of a particular application. The software license can be validated, or enabled, each time the application is brought up on a computer, or each time a particular feature is used (e.g., printing). The software license also can be validated in response to the expiration of a timer (i.e., periodic validation). If the response to the validation check returns a null license ID, the client application is disabled. To prevent a user from tampering with a client application, or a licensing module associated therewith, in an effort to disable validation checking, any number of watchdog timers can be nested in the client application. The nested watchdog timer can be used to periodically self-check the client application to determine whether it has been validated within the watchdog period. If so, the watchdog timer is reset. If not, a validation check can be initiated or the client application can be disabled.

[0093] Establishing a database license record in the licensing server can be performed in a variety of ways. Software can be purchased and paid for in an interactive commercial transaction conducted over the Internet, as described above. The result of such a transaction is to establish a license record in the licensing server database. A subsequent validation check by the client application will allow the software to be enabled. The database entry also can be formed by pre-authorization. If the software is purchased from a vendor, the vendor, in the context of the transaction, can perform the database entry shortly after the software is supplied to the user or company. When the software is brought up on the client computer, an initial validity check will return an enablement response because a license record has already been established. Alternatively, software can be pre-enabled with a temporary term license thereby providing a software provider with a time window in which to establish a license record. Other techniques for establishing an entry in the database, and thus enabling the corresponding client application, include using automated telephone operator systems. A client can call a telephone number and use a touch-tone phone to respond to prompts presented by an automated operator. Hence, any mechanism for initializing the database, and consequently automatically enabling the software, is deemed suitable.

[0094] Another aspect of systems operating in accordance with the invention is feature enablement. The systems described above can be used to enable and disable particular features in a client application. Such a situation may occur wherein a software application has several levels of operating capability. For instance, a user can selectively enhance operating capability by selecting features defined in a software feature application menu. In response, an associated client module can invoke the Check Out License procedure wherein the desired feature name is passed upstream. The license, of course, does not exist yet, but the system can be configured to direct the user to, or provide the user with, a feature enablement menu that requests that the user enter credit card information, as described above. Alternatively, the system can be organized to automatically initiate a process that creates a license when new software is brought up. This can involve a mechanism that forms a Web server connection and supplies an authorization message that creates a database license entry. For a commercial client, a software provider can monitor the activation and use of client application features and bill the client accordingly.

[0095] As previously discussed, systems in accordance with the present invention can be used to audit the use and proliferation of software. Attachment of a licensing module to a software application causes that software application to report back to a licensing server at some point. If the client module or software application is configured to report back the first time that the software application is brought up, a software provider can keep track of, or audit, which and how many machines the software application is operating on. The licensing server can be set to initially enable any request received for the software application being audited. At the discretion of the software provider, the software application can be turned off at any time. The software provider can respond to subsequent licensing enablement or validation requests by supplying a prompt inviting the user to purchase a license. A variation on the audit function can be used to log questionable user activity.

[0096] An additional security aspect of systems in accordance with the invention is the provision of an activities log in the client module, licensing modules, or license server. Such a log gathers information associated with any or all validation requests, or irregularities. Information gathered in such a log may include, but is not limited to, date/time stamps (to ensure periodic checking is not interfered with), and the identity of a machine corresponding to the origin of an inquiry request. The foregoing information can be used to facilitate the investigation of a pirate if the pirate's activities require legal attention.

[0097] Software version control can be provided in accordance with another aspect of the invention. Software version number information can be passed upstream in the context of a license validity inquiry request message. If the software version has expired, a message can be passed back in the status field of the authorization ID indicating this information to a user. The user may then be asked to license and procure a new version of the software. Software version control can be used to prevent version collision, and to force users to stop using expired software versions by simply disabling them.

[0098] Another aspect of the invention is license system version control. By monitoring and controlling the version of the license system that is operating, a common denominator between client and agent communications can be maintained. Alternatively, in the event that different versions are allowed, appropriate translations of data fields can be made to ensure the different versions can still communicate. In a preferred embodiment, a given client can only communicate with an agent of the same or newer version. Licensing system version control also permits modifications to be made to improve, enhance, or entirely change an encryption scheme used by the licensing system.

[0099] The present invention also can be used to maintain a software use billing system for use with commercial client applications. A billing system in accordance with the invention can use client application and feature use information from the audit system. The audit system information can be translated into billing statements. Consequently, a commercial client can optionally be billed only for what they have used, rather than a set up-front, annual, or monthly amount.

[0100] Most computers sold today have pre-installed modems. Individual desktop machines operating in a DOS, Windows, OS/2, or like environment, can utilize their pre-installed, or aftermarket modems to initiate communications with an upstream agent or license server. Most commercial computers are designed for incorporation into network settings. Commercial computing systems, such as workstations, may operate in a UNIX environment. The UNIX environment is well suited to operation in accordance with the invention. Most UNIX workstations are furnished with network cards permitting them to be network connected. Such networked computers thus have ready direct access to Internet or gateway nodes through which a license server or licensing module can be accessed.

[0101] The particular connectivity associated with a system incorporating the invention is not critical. For example, a desktop machine can contain an Ethernet network card, ISDN connection card, Internet card, conventional modem, terminal adaptor, or like device, with which to gain access to and communicate with a license server or licensing module. Any accepted form of connection between two or more computers can be used. A communications protocol in an Internet environment is based on a TCP/IP protocol, or a derivative thereof. However, use of other communication protocols such as IPX/SPX (Novell), or like protocols, also is suitable for facilitation of communication in the present invention.

[0102] When using the Internet as the medium through which to check license validity, preferred embodiments of systems according to the invention operate using a TCP (Transfer Control Protocol) mechanism rather than a UDP (Universal Datagram Protocol) mechanism. In a TCP communication, a connection is first formed before any information is transferred. That is, an interactive two-way session is established. In a UDP communication, a message is sent without forming a connection. The message is routed in accordance with its destination address information. The message's receipt is not guaranteed. More importantly, response time to a message sent by UDP is unknown. More specifically, if heavy network traffic is present, a UDP-based message may be delayed. Consequently, there can be an unacceptable delay in enabling a client application. Using a TCP messaging format guarantees a response, even if that response indicates that a connection cannot be made. A decision can be made whether to re-attempt communication immediately or at a later time. A TCP connection also is more secure because data is not being cast into the network without guarantee of receipt, as is the case with UDP communications.

[0103] One scenario where UDP communication can be utilized is in an audit system incorporating the invention. A client application can generate and send a UDP message when it is initially brought up, or whenever a computer upon which the client application is loaded is attached to a public network.

[0104] In a non-connected or portable computer, such as a laptop, an exemplary licensing system in accordance with the invention can involve running an internal licensing module, or an agent component thereof, on the laptop computer itself. An exemplary embodiment of such an arrangement is depicted in FIG. 7. The agent component 706 of the licensing module 702 acts on behalf of a license server 712 during the periods that the portable computer 700 is out of communication with the license server 712. The agent component 706 can receive and respond to license validity inquiries generated by a client module 704 on software application 705 that is loaded on the portable 700 while the portable 700 is in transit. Audits of client application use can be stored in the cache 708 of the licensing module 702. When the portable 700 is re-connected to a network access point, such as an Internet 716 gateway, the client component 710 of the licensing module 702 can establish communication with the agent module 714 in the license server 712 to refresh the information in its cache component 708 and/or supply any audit data upstream. If the user has not connected the laptop to a network access point for a prolonged period of time, the user can be prompted accordingly. This can be done pursuant to the expiration of a timer.

[0105] Systems not having network, or Internet access, can still be enabled in an automated, albeit semi-manual fashion. The licensing module in a software package to run on a non-networked machine can contain a tag indicating this fact. The user may be prompted to call a number and receive recorded information for enabling the software. This information, of course, requires initial manual entry to enable the software, and periodic manual entry to validate the software. The validation check can be performed by prompting a user to call a number to automatically receive further enablement instructions. Such instructions are only provided if the license remains valid. Optionally, instructions can automatically be returned by fax in response to a validation request phone call.

[0106] A licensing module can be operated as a proxy agent on a firewall separating a protected computer from a public network to which the computer is attached. Such a firewall proxy agent can operate in accordance with the system disclosed in the U.S. patent application Ser. No. (BDSM Attorney Docket No. 025553-013), entitled: “Firewall System For Protecting Network Elements Connected To A Public Network,” by Coley and Wesinger, filed on Feb. 6, 1996, and incorporated herein by reference in its entirety. The foregoing application describes a system for preventing unauthorized access to network elements protected by a firewall. The firewall operates by maintaining a plurality of proxy agents that are assigned to verify and connect any incoming access requests. A proxy agent is usually assigned based on the port number associated with an incoming access request. In the present case, however, a proxy agent for validating a license is assigned for a request originating from a desktop machine that resides behind the firewall (i.e., is protected by the firewall). Hence, the proxy agent acts as a licensing module performing all of the previously described tasks associated with licensing modules. For example, a proxy agent licensing module can receive and forward a license validity inquiry request message from a client application residing on a protected computer. The proxy agent also acts on behalf of the responding agent to accept an inquiry response message and then pass the response back to the protected computer on behalf of the responding agent. The proxy agent also can facilitate periodic updates of a cache component maintained therein. The proxy agent is the only IP address visible outside of the firewall. The foregoing system protects the identity of the client application computer because the proxy agent acts on behalf of the computer when communicating with the outside world.

[0107] In an exemplary commercial embodiment, the present invention can take the form of a software package comprised of floppy disks, a CD-ROM, or even a downloadable package. The software package may consist of a library of object modules that can be selected, as needed, by a software applications designer. The designer may select various object modules from the library for insertion into a pre-compiled version of a software application. The entire software application, including the selected object modules, is compiled to create a single executable client application. The selection of insertion points and frequency is left to the discretion of the designer. Validation check watchdog timers can be distributed throughout a software application. Validation checks can be inserted to correspond to various interrupts, or procedure calls within the software application (e.g., printing, saving). An opening routine in the software application can be selected for insertion of an initial license validation or enablement check.

[0108] Because the present invention involves the operation of computing systems, an exemplary embodiment of the invention can take the form of a medium for controlling such computing systems. Hence, the invention can be embodied in the form of an article of manufacture as a machine readable medium such as floppy disk, computer tape, hard drive disk, CD ROM, RAM, or any other suitable memory medium. The invention can also be embodied in a form that can be accessed and retrieved over a public network, such as the Internet, and downloaded onto a machine readable memory medium. Embodied as such, the memory medium contains computer readable program code which causes one or more computing systems upon which the licensing system is running to function or carry out processes in accordance with the present invention.

[0109] The invention has been described with respect to several exemplary embodiments. However, one skilled in the art will readily appreciate and recognize that the licensing system or method of operation in accordance with the invention can be applied in any computing system using licensed software, which systems are preferably attachable to a public network, such as the Internet. The invention provides the benefit of being able to freely distribute licensed software incorporating the invention with reduced apprehension of the software being illicitly copied or used without its being properly licensed. Alternatively, a system in accordance with the invention can be used to track and maintain records of the proliferation and use of software incorporating the invention.

[0110] The invention has been described with reference to particular embodiments. However, it will be readily apparent to those skilled in the art that it is possible to embody the invention in specific forms other than those of the embodiments described above. Embodiment of the invention in ways not specifically described may be done without departing from the spirit of the invention. Therefore, the preferred embodiments described herein are merely illustrative and should not be considered restrictive in any way. The scope of the invention is given by the appended claims, rather than by the preceding description, and all variations and equivalents which fall within the range of the claims are intended to be embraced therein.

What is claimed is:
 1. A system for enabling licensed software, the system comprising: a client module that is attachable to a software application, which software application is loaded on a computer having access to a public network; and a license server containing software application license records, which license server is accessible over the public network; wherein the client module communicates with the license server over the public network to determine the existence of a license record corresponding to the software application.
 2. The system claimed in claim 1, wherein the client module enables the software application if a license record corresponding to the software application on the computer exists.
 3. The system claimed in claim 1, wherein the client module disables the software application if no license record corresponding to the software application on the computer exists.
 4. The system claimed in claim 1, wherein the license server comprises an agent module for communicating with the client module, and a database for storing license records.
 5. The system as claimed in claim 1, wherein the public network is the Internet.
 6. The system claimed in claim 4, wherein a portion of the communication between the client module and the agent module is encrypted.
 7. The system as claimed in claim 6, wherein the client and agent modules use a shared key to initialize encryption engines contained in the client and agent modules, which encryption engines operate using the shared key.
 8. The system claimed in claim 1, wherein the client module temporarily enables the software application if no license record corresponding to the software application is found.
 9. The system claimed in claim 1, wherein the client module periodically communicates with the license server over the public network to determine the existence of a license record corresponding to the software application.
 10. The system claimed in claim 9, wherein the periodic communication is initiated pursuant to an interrupt.
 11. The system claimed in claim 10, wherein the periodic communication is initiated pursuant to expiration of a watchdog timer.
 12. The system claimed in claim 1, wherein communication between the client module and the license server is transparent to a user using the software application.
 13. The system claimed in claim 3, wherein the system prompts a user with a message informing the user of the lack of a license and supplies the user with information for procuring a license.
 14. The system claimed in claim 3, wherein the system initiates a Web homepage session whereby a user can purchase a license for the software application.
 15. The system claimed in claim 12, wherein the system automatically updates the license records in the license server pursuant to a license purchase.
 16. The system claimed in claim 1, wherein the license server tracks communications received from the client module.
 17. The system claimed in claim 16, wherein the license server generates billing information from tracked data.
 18. The system claimed in claim 1, wherein the client module is attached to a pre-compiled version of the software application whereby a single executable client application is created by compilation.
 19. The system claimed in claim 1, wherein the client module is attached to a compiled version of the software application.
 20. The system claimed in claim 19, wherein the client module validates licenses for a plurality of software applications on the computer.